Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Fetching contributors…
Cannot retrieve contributors at this time
1350 lines (1167 sloc) 56 KB
\indextext{diagnostic message|see{message, diagnostic}}%
\indexdefn{conditionally-supported behavior!see{behavior, conditionally-supported}}%
\indextext{dynamic type|see{type, dynamic}}%
\indextext{static type|see{type, static}}%
\indextext{ill-formed program|see{program, ill-formed}}%
\indextext{well-formed program|see{program, well-formed}}%
\indextext{implementation-defined behavior|see{behavior, implemen\-tation-defined}}%
\indextext{undefined behavior|see{behavior, undefined}}%
\indextext{unspecified behavior|see{behavior, unspecified}}%
\indextext{implementation limits|see{limits, implementation}}%
\indextext{locale-specific behavior|see{behavior, locale-specific}}%
\indextext{multibyte character|see{character, multibyte}}%
\indextext{object|seealso{object model}}%
\indextext{subobject|seealso{object model}}%
\indextext{derived class!most|see{most derived class}}%
\indextext{derived object!most|see{most derived object}}%
\indextext{program execution!as-if rule|see{as-if~rule}}%
\indextext{observable behavior|see{behavior, observable}}%
\indextext{precedence of operator|see{operator, precedence of}}%
\indextext{order of evaluation in expression|see{expression, order of evaluation of}}%
\indextext{atomic operations|see{operation, atomic}}%
\indextext{multiple threads|see{threads, multiple}}%
\indextext{normative references|see{references, normative}}
This International Standard specifies requirements for implementations
of the \Cpp programming language. The first such requirement is that
they implement the language, and so this International Standard also
defines \Cpp. Other requirements and relaxations of the first
requirement appear at various places within this International Standard.
\Cpp is a general purpose programming language based on the C
programming language as described in ISO/IEC 9899:1999
\doccite{Programming languages --- C} (hereinafter referred to as the
\indexdefn{C!standard}\term{C standard}). In addition to
the facilities provided by C, \Cpp provides additional data types,
classes, templates, exceptions, namespaces, operator
overloading, function name overloading, references, free store
management operators, and additional library facilities.%
\rSec1[intro.refs]{Normative references}
The following referenced documents are indispensable for the application
of this document. For dated references, only the edition cited applies.
For undated references, the latest edition of the referenced document
(including any amendments) applies.
\item Ecma International, \doccite{ECMAScript Language Specification},
Standard Ecma-262, third edition, 1999.
\item ISO/IEC 2382 (all parts), \doccite{Information technology ---
\item ISO/IEC 9899:1999, \doccite{Programming languages --- C}
\item ISO/IEC 9899:1999/Cor.1:2001(E), \doccite{Programming languages --- C,
Technical Corrigendum 1}
\item ISO/IEC 9899:1999/Cor.2:2004(E), \doccite{Programming languages --- C,
Technical Corrigendum 2}
\item ISO/IEC 9899:1999/Cor.3:2007(E), \doccite{Programming languages --- C,
Technical Corrigendum 3}
\item ISO/IEC 9945:2003, \doccite{Information Technology --- Portable
Operating System Interface (POSIX)}
\item ISO/IEC 10646-1:1993, \doccite{Information technology ---
Universal Multiple-Octet Coded Character Set (UCS) --- Part 1:
Architecture and Basic Multilingual Plane}
\item ISO/IEC TR 19769:2004, \doccite{Information technology ---
Programming languages, their environments and system software interfaces
--- Extensions for the programming language C to support new character
data types}
The library described in Clause 7 of ISO/IEC 9899:1999 and Clause 7 of
ISO/IEC 9899:1999/Cor.1:2001 and Clause 7 of ISO/IEC
9899:1999/Cor.2:2003 is hereinafter called the
\indexdefn{C!standard library}\term{C standard
library}.\footnote{With the qualifications noted in Clauses~\ref{\firstlibchapter}
through~\ref{\lastlibchapter} and in~\ref{diff.library}, the C standard
library is a subset of the \Cpp standard library.}
The library described in ISO/IEC TR 19769:2004 is hereinafter called the
\indexdefn{C!Unicode TR}\term{C Unicode TR}.
The operating system interface described in ISO/IEC 9945:2003 is
hereinafter called \defn{POSIX}.
The ECMAScript Language Specification described in Standard Ecma-262 is
hereinafter called \defn{ECMA-262}.
\rSec1[intro.defs]{Terms and definitions}
For the purposes of this document, the following definitions apply.
defines additional terms that are used only in Clauses~\ref{library}
through~\ref{\lastlibchapter} and Annex~\ref{depr}.
Terms that are used only in a small portion of this International
Standard are defined where they are used and italicized where they are
\indexdefn{argument!function call expression}
actual argument\\
actual parameter\\
<function call expression> expression in the comma-separated list bounded by the parentheses
\indexdefn{argument!function-like macro}%
actual argument\\
actual parameter\\
<function-like macro> sequence of preprocessing tokens in the
comma-separated list bounded by the parentheses
\indexdefn{argument!throw expression}%
actual argument\\
actual parameter\\
<throw expression> the operand of \tcode{throw}
\indexdefn{argument!template instantiation}%
actual argument\\
actual parameter\\
<template instantiation>
\grammarterm{type-id} or \grammarterm{template-name} in the comma-separated
list bounded by the angle brackets
program construct that an implementation is not required to support\\
\enternote Each implementation documents all conditionally-supported
constructs that it does not support.\exitnote
\definition{diagnostic message}{defns.diagnostic}
message belonging to an \impldef{diagnostic message} subset of the
implementation's output messages
\definition{dynamic type}{defns.dynamic.type}
<glvalue> type of the most derived object~(\ref{intro.object}) to which the
glvalue denoted by a glvalue expression refers\\
if a pointer~(\ref{dcl.ptr}) \tcode{p} whose static type is ``pointer to
class \tcode{B}'' is pointing to an object of class \tcode{D}, derived
from \tcode{B} (Clause~\ref{class.derived}), the dynamic type of the
expression \tcode{*p} is ``\tcode{D}.'' References~(\ref{dcl.ref}) are
treated similarly.
\definition{dynamic type}{defns.dynamic.type.prvalue}
<prvalue> static type of the prvalue expression
\definition{ill-formed program}{defns.ill.formed}
program that is not well formed
\definition{implementation-defined behavior}{defns.impl.defined}
behavior, for a well-formed program construct and correct data, that
depends on the implementation and that each implementation documents
\definition{implementation limits}{defns.impl.limits}
restrictions imposed upon programs by the implementation
\definition{locale-specific behavior}{defns.locale.specific}
behavior that depends on local conventions of nationality, culture, and
language that each implementation documents
\definition{multibyte character}{defns.multibyte}
sequence of one or more bytes representing a member of the extended
character set of either the source or the execution environment\\
\enternote The
extended character set is a superset of the basic character
\indexdefn{parameter!catch clause}%
formal argument\\
formal parameter\\
<function or catch clause> object or reference declared as part of a function declaration or
definition or in the catch clause of an exception handler that
acquires a value on entry to the function or handler
\indexdefn{parameter!function-like macro}%
formal argument\\
formal parameter\\
<function-like macro> identifier from
the comma-separated list bounded by the parentheses immediately
following the macro name
formal argument\\
formal parameter\\
<template> \grammarterm{template-parameter}
<function> name, parameter type list~(\ref{dcl.fct}), and enclosing namespace (if any)\\
\enternote Signatures are used as a basis for
name mangling and linking.\exitnote
<function template> name, parameter type list~(\ref{dcl.fct}), enclosing namespace (if any),
return type, and template parameter list
<function template specialization> signature of the template of which it is a specialization
and its template arguments (whether explicitly specified or deduced)
<class member function> name, parameter type list~(\ref{dcl.fct}), class of which the
function is a member, \cv-qualifiers (if any),
and \grammarterm{ref-qualifier} (if any)
<class member function template> name, parameter type list~(\ref{dcl.fct}), class of which the
function is a member, \cv-qualifiers (if any),
\grammarterm{ref-qualifier} (if any), return type, and template parameter list
<class member function template specialization> signature of the member function template
of which it is a specialization and its template arguments (whether explicitly specified or deduced)
\definition{static type}{defns.static.type}
type of an expression~(\ref{basic.types}) resulting from
analysis of the program without considering execution semantics\\
\enternote The
static type of an expression depends only on the form of the program in
which the expression appears, and does not change while the program is
executing. \exitnote
\definition{undefined behavior}{defns.undefined}
behavior for which this International Standard
imposes no requirements\\
\enternote Undefined behavior may be expected when
this International Standard omits any explicit
definition of behavior or when a program uses an erroneous construct or erroneous data.
Permissible undefined behavior ranges
from ignoring the situation completely with unpredictable results, to
behaving during translation or program execution in a documented manner
characteristic of the environment (with or without the issuance of a
diagnostic message), to terminating a translation or execution (with the
issuance of a diagnostic message). Many erroneous program constructs do
not engender undefined behavior; they are required to be diagnosed.
\definition{unspecified behavior}{defns.unspecified}
behavior, for a well-formed program construct and correct data, that
depends on the implementation\\
\enternote The implementation is not required to
document which behavior occurs. The range of
possible behaviors is usually delineated by this International Standard.
\definition{well-formed program}{defns.well.formed}
\Cpp program constructed according to the syntax rules, diagnosable
semantic rules, and the One Definition Rule~(\ref{basic.def.odr}).%
\rSec1[intro.compliance]{Implementation compliance}
\indextext{conformance requirements|(}%
\indextext{conformance requirements!general|(}%
The set of
\defn{diagnosable rules}
consists of all syntactic and semantic rules in this International
Standard except for those rules containing an explicit notation that
``no diagnostic is required'' or which are described as resulting in
``undefined behavior.''
\indextext{conformance requirements!method of description}%
Although this International Standard states only requirements on \Cpp
implementations, those requirements are often easier to understand if
they are phrased as requirements on programs, parts of programs, or
execution of programs. Such requirements have the following meaning:
If a program contains no violations of the rules in this
International Standard, a conforming implementation shall,
within its resource limits, accept and correctly execute\footnote{``Correct execution'' can include undefined behavior, depending on
the data being processed; see~\ref{intro.defs} and~\ref{intro.execution}.}
that program.
If a program contains a violation of any diagnosable rule or an occurrence
of a construct described in this Standard as ``conditionally-supported'' when
the implementation does not support that construct, a conforming implementation
shall issue at least one diagnostic message.
If a program contains a violation of a rule for which no diagnostic
is required, this International Standard places no requirement on
implementations with respect to that program.
\indextext{conformance requirements!library|(}%
\indextext{conformance requirements!classes}%
\indextext{conformance requirements!class templates}%
For classes and class templates, the library Clauses specify partial
definitions. Private members~(Clause~\ref{class.access}) are not
specified, but each implementation shall supply them to complete the
definitions according to the description in the library Clauses.
For functions, function templates, objects, and values, the library
Clauses specify declarations. Implementations shall supply definitions
consistent with the descriptions in the library Clauses.
The names defined in the library have namespace
scope~(\ref{basic.namespace}). A \Cpp translation
unit~(\ref{lex.phases}) obtains access to these names by including the
appropriate standard library header~(\ref{cpp.include}).
The templates, classes, functions, and objects in the library have
external linkage~(\ref{}). The implementation provides
definitions for standard library entities, as necessary, while combining
translation units to form a complete \Cpp program~(\ref{lex.phases}).%
\indextext{conformance requirements!library|)}
Two kinds of implementations are defined: a \defn{hosted implementation} and a
\defn{freestanding implementation}. For a hosted implementation, this
International Standard defines the set of available libraries. A freestanding
implementation is one in which execution may take place without the benefit of
an operating system, and has an \impldef{required libraries for freestanding
implementation} set of libraries that includes certain language-support
A conforming implementation may have extensions (including
additional library functions), provided they do not alter the
behavior of any well-formed program.
Implementations are required to diagnose programs that use such
extensions that are ill-formed according to this International Standard.
Having done so, however, they can compile and execute such programs.
Each implementation shall include documentation that identifies all
conditionally-supported constructs\indextext{behavior!conditionally-supported}
that it does not support and defines all locale-specific characteristics.\footnote{This documentation also defines implementation-defined behavior;
\indextext{conformance requirements!general|)}%
\indextext{conformance requirements|)}%
\rSec1[intro.structure]{Structure of this International Standard}
\indextext{standard!structure of|(}%
\indextext{standard!structure of}%
Clauses~\ref{lex} through~\ref{cpp} describe the \Cpp programming
language. That description includes detailed syntactic specifications in
a form described in~\ref{syntax}. For convenience, Annex~\ref{gram}
repeats all such syntactic specifications.
Clauses~\ref{\firstlibchapter} through~\ref{\lastlibchapter} and Annex~\ref{depr}
(the \defn{library clauses}) describe the Standard \Cpp library.
That description includes detailed descriptions of the templates, classes, functions, constants, and macros that constitute the library, in a form described in Clause~\ref{library}.
Annex~\ref{implimits} recommends lower bounds on the capacity of conforming
Annex~\ref{diff} summarizes the evolution of \Cpp since its first
published description, and explains in detail the differences between
\Cpp and C. Certain features of \Cpp exist solely for compatibility
purposes; Annex~\ref{depr} describes those features.
Throughout this International Standard, each example is introduced by
``\enterexample'' and terminated by ``\exitexample''. Each note is
introduced by ``\enternote'' and terminated by ``\exitnote''. Examples
and notes may be nested.%
\indextext{standard!structure of|)}
\rSec1[syntax]{Syntax notation}
In the syntax notation used in this International Standard, syntactic
categories are indicated by \grammarterm{italic} type, and literal words
and characters in \tcode{constant} \tcode{width} type. Alternatives are
listed on separate lines except in a few cases where a long set of
alternatives is marked by the phrase ``one of.'' If the text of an alternative is too long to fit on a line, the text is continued on subsequent lines indented from the first one.
An optional terminal or non-terminal symbol is indicated by the subscript
``\opt'', so
\terminal{\{} expression\opt \terminal{\}}
indicates an optional expression enclosed in braces.%
Names for syntactic categories have generally been chosen according to
the following rules:
\item \grammarterm{X-name} is a use of an identifier in a context that
determines its meaning (e.g., \grammarterm{class-name},
\item \grammarterm{X-id} is an identifier with no context-dependent meaning
(e.g., \grammarterm{qualified-id}).
\item \grammarterm{X-seq} is one or more \grammarterm{X}'s without intervening
delimiters (e.g., \grammarterm{declaration-seq} is a sequence of
\item \grammarterm{X-list} is one or more \grammarterm{X}'s separated by
intervening commas (e.g., \grammarterm{expression-list} is a sequence of
expressions separated by commas).
\rSec1[intro.memory]{The \Cpp memory model}
\indextext{memory model|(}%
The fundamental storage unit in the \Cpp memory model is the
A byte is at least large enough to contain any member of the basic
\indextext{character set!basic execution}%
execution character set~(\ref{lex.charset})
and the eight-bit code units of the Unicode UTF-8 encoding form
and is composed of a contiguous sequence of
bits, the number of which is \impldef{bits in a byte}. The least
significant bit is called the \defn{low-order bit}; the most
significant bit is called the \defn{high-order bit}. The memory
available to a \Cpp program consists of one or more sequences of
contiguous bytes. Every byte has a unique address.
\enternote The representation of types is described
in~\ref{basic.types}. \exitnote
A \defn{memory location} is either an object of scalar type or a maximal
sequence of adjacent bit-fields all having non-zero width. \enternote Various
features of the language, such as references and virtual functions, might
involve additional memory locations that are not accessible to programs but are
managed by the implementation. \exitnote Two or more threads of
execution~(\ref{intro.multithread}) can update and access separate memory
locations without interfering with each other.
\enternote Thus a bit-field and an adjacent non-bit-field are in separate memory
locations, and therefore can be concurrently updated by two threads of execution
without interference. The same applies to two bit-fields, if one is declared
inside a nested struct declaration and the other is not, or if the two are
separated by a zero-length bit-field declaration, or if they are separated by a
non-bit-field declaration. It is not safe to concurrently update two bit-fields
in the same struct if all fields between them are also bit-fields of non-zero
width. \exitnote
\enterexample A structure declared as
struct {
char a;
int b:5,
struct {int ee:8;} e;
contains four separate memory locations: The field \tcode{a} and bit-fields
\tcode{d} and \tcode{} are each separate memory locations, and can be
modified concurrently without interfering with each other. The bit-fields
\tcode{b} and \tcode{c} together constitute the fourth memory location. The
bit-fields \tcode{b} and \tcode{c} cannot be concurrently modified, but
\tcode{b} and \tcode{a}, for example, can be. \exitexample%
\indextext{memory model|)}
\rSec1[intro.object]{The \Cpp object model}
\indextext{object model|(}%
The constructs in a \Cpp program create, destroy, refer to, access, and
manipulate objects. An \defn{object} is a region of storage.
\enternote A function is not an object, regardless of whether or not it
occupies storage in the way that objects do. \exitnote An object is
created by a \grammarterm{definition}~(\ref{basic.def}), by a
\grammarterm{new-expression}~(\ref{}) or by the
implementation~(\ref{class.temporary}) when needed. The properties of an
object are determined when the object is created. An object can have a
\grammarterm{name}~(Clause~\ref{basic}). An object has a \term{storage
duration}~(\ref{}) which influences its
\term{lifetime}~(\ref{}). An object has a
\term{type}~(\ref{basic.types}). The term \defn{object type} refers to
the type with which the object is created.
Some objects are
\term{polymorphic}~(\ref{class.virtual}); the implementation
generates information associated with each such object that makes it
possible to determine that object's type during program execution. For
other objects, the interpretation of the values found therein is
determined by the type of the \grammarterm{expression}{s} (Clause~\ref{expr})
used to access them.
Objects can contain other objects, called \defnx{subobjects}{subobject}.
A subobject can be
a \defn{member subobject}~(\ref{class.mem}), a \defn{base class subobject}
(Clause~\ref{class.derived}), or an array element.
An object that is not a subobject of any other object is called a \defn{complete
For every object \tcode{x}, there is some object called the
\defn{complete object of} \tcode{x}, determined as follows:
If \tcode{x} is a complete object, then \tcode{x} is the complete
object of \tcode{x}.
Otherwise, the complete object of \tcode{x} is the complete object
of the (unique) object that contains \tcode{x}.
If a complete object, a data member~(\ref{class.mem}), or an array element is of
class type, its type is considered the \defn{most derived
class}, to distinguish it from the class type of any base class subobject;
an object of a most derived class type or of a non-class type is called a
\defn{most derived object}.
\indextext{most derived object!bit-field}%
Unless it is a bit-field~(\ref{class.bit}), a most derived object shall have a
non-zero size and shall occupy one or more bytes of storage. Base class
subobjects may have zero size. An object of trivially copyable or
standard-layout type~(\ref{basic.types}) shall occupy contiguous bytes of
\indextext{most derived object!bit-field}%
\indextext{most derived object!zero size subobject}%
Unless an object is a bit-field or a base class subobject of zero size, the
address of that object is the address of the first byte it occupies. Two
objects that are not bit-fields
may have the same address if one is a subobject of the other, or if at least
one is a base class subobject of zero size and they are of different types;
otherwise, they shall have distinct addresses.\footnote{Under the ``as-if'' rule an
implementation is allowed to store two objects at the same machine address or
not store an object at all if the program cannot observe the
static const char test1 = 'x';
static const char test2 = 'x';
const bool b = &test1 != &test2; // always true
\Cpp provides a variety of fundamental types and several ways of composing
new types from existing types~(\ref{basic.types}).
\indextext{object model|)}
\rSec1[intro.execution]{Program execution}
\indextext{program execution|(}%
\indextext{program execution!abstract machine|(}%
The semantic descriptions in this International Standard define a
parameterized nondeterministic abstract machine. This International
Standard places no requirement on the structure of conforming
implementations. In particular, they need not copy or emulate the
structure of the abstract machine.
Rather, conforming implementations are required to emulate (only) the observable
behavior of the abstract machine as explained below.\footnote{This provision is
sometimes called the ``as-if'' rule, because an implementation is free to
disregard any requirement of this International Standard as long as the result
is \emph{as if} the requirement had been obeyed, as far as can be determined
from the observable behavior of the program. For instance, an actual
implementation need not evaluate part of an expression if it can deduce that its
value is not used and that no
\indextext{side effects}%
side effects affecting the
observable behavior of the program are produced.}
Certain aspects and operations of the abstract machine are described in this
International Standard as implementation-defined (for example,
\tcode{sizeof(int)}). These constitute the parameters of the abstract machine.
Each implementation shall include documentation describing its characteristics
and behavior in these respects.\footnote{This documentation also includes
conditionally-supported constructs and locale-specific behavior.
See~\ref{intro.compliance}.} Such documentation shall define the instance of the
abstract machine that corresponds to that implementation (referred to as the
``corresponding instance'' below).
Certain other aspects and operations of the abstract machine are
described in this International Standard as unspecified (for example,
order of evaluation of arguments to a function). Where possible, this
International Standard defines a set of allowable behaviors. These
define the nondeterministic aspects of the abstract machine. An instance
of the abstract machine can thus have more than one possible execution
for a given program and a given input.
Certain other operations are described in this International Standard as
undefined (for example, the effect of
attempting to modify a \tcode{const} object).
\enternote This International Standard imposes no requirements on the
behavior of programs that contain undefined behavior. \exitnote
A conforming implementation executing a well-formed program shall
produce the same observable behavior as one of the possible executions
of the corresponding instance of the abstract machine with the
same program and the same input. However, if any such execution contains an undefined operation, this International Standard places no
requirement on the implementation executing that program with that input
(not even with regard to operations preceding the first undefined
\indextext{behavior!on receipt of signal}%
When the processing of the abstract machine is interrupted by receipt of
a signal, the values of objects which are neither
\item of type \tcode{volatile std::sig_atomic_t} nor
\item lock-free atomic objects~(\ref{atomics.lockfree})
are unspecified during the execution of the signal handler, and the value of any
object not in either of these two categories that is modified by the handler
becomes undefined.%
\indextext{program execution!abstract machine|)}
An instance of each object with automatic storage
duration~(\ref{}) is associated with each entry into its
block. Such an object exists and retains its last-stored value during
the execution of the block and while the block is suspended (by a call
of a function or receipt of a signal).
\indextext{conformance requirements}
The least requirements on a conforming implementation are:
Access to volatile objects are evaluated strictly according to the
rules of the abstract machine.
At program termination, all data written into files shall be
identical to one of the possible results that execution of the program
according to the abstract semantics would have produced.
The input and output dynamics of interactive devices shall take
place in such a fashion that prompting output is actually delivered before a program waits for input. What constitutes an interactive device is
\impldef{interactive device}.
These collectively are referred to as the
\defnx{observable behavior}{behavior!observable} of the program.
\enternote More stringent correspondences between abstract and actual
semantics may be defined by each implementation. \exitnote
\indextext{operator!precedence of}%
\indextext{expression!order of evaluation of}%
\enternote Operators can be regrouped according to the usual
mathematical rules only where the operators really are associative or
commutative.\footnote{Overloaded operators are never assumed to be associative or
commutative. }
For example, in the following fragment
int a, b;
a = a + 32760 + b + 5;
the expression statement behaves exactly the same as
a = (((a + 32760) + b) + 5);
due to the associativity and precedence of these operators. Thus, the
result of the sum \tcode{(a + 32760)} is next added to \tcode{b}, and
that result is then added to 5 which results in the value assigned to
\tcode{a}. On a machine in which overflows produce an exception and in
which the range of values representable by an \tcode{int} is
\crange{-32768}{+32767}, the implementation cannot rewrite this
expression as
a = ((a + b) + 32765);
since if the values for \tcode{a} and \tcode{b} were, respectively,
-32754 and -15, the sum \tcode{a + b} would produce an exception while
the original expression would not; nor can the expression be rewritten
either as
a = ((a + 32765) + b);
a = (a + (b + 32765));
since the values for \tcode{a} and \tcode{b} might have been,
respectively, 4 and -8 or -17 and 12. However on a machine in which
overflows do not produce an exception and in which the results of
overflows are reversible, the above expression statement can be
rewritten by the implementation in any of the above ways because the
same result will occur. \exitnote
A \defn{full-expression} is an expression that is not a
subexpression of another expression. If a language construct is defined
to produce an implicit call of a function, a use of the language
construct is considered to be an expression for the purposes of this
definition. A call to a destructor generated at the end of the lifetime
of an object other than a temporary object is an implicit
full-expression. Conversions applied to the result of an expression in
order to satisfy the requirements of the language construct in which the
expression appears are also considered to be part of the
struct S {
S(int i): I(i) { }
int& v() { return I; }
int I;
S s1(1); // full-expression is call of \tcode{S::S(int)}
S s2 = 2; // full-expression is call of \tcode{S::S(int)}
void f() {
if (S(3).v()) // full-expression includes lvalue-to-rvalue and
// \tcode{int} to \tcode{bool} conversions, performed before
// temporary is deleted at end of full-expression
{ }
\enternote The evaluation of a full-expression can include the
evaluation of subexpressions that are not lexically part of the
full-expression. For example, subexpressions involved in evaluating
default arguments~(\ref{dcl.fct.default}) are considered to
be created in the expression that calls the function, not the expression
that defines the default argument. \exitnote
\indextext{value computation|(}%
Accessing an object designated by a \tcode{volatile}
glvalue~(\ref{basic.lval}), modifying an object, calling a library I/O
function, or calling a function that does any of those operations are
\defn{side effects}, which are changes in the state of the execution
environment. \defn{Evaluation} of an expression (or a
sub-expression) in general includes both value computations (including
determining the identity of an object for glvalue evaluation and fetching
a value previously assigned to an object for prvalue evaluation) and
initiation of side effects. When a call to a library I/O function
returns or an access to a \tcode{volatile} object is evaluated the side
effect is considered complete, even though some external actions implied
by the call (such as the I/O itself) or by the \tcode{volatile} access
may not have completed yet.
\defn{Sequenced before} is an asymmetric, transitive, pair-wise relation between
evaluations executed by a single thread~(\ref{intro.multithread}), which induces
a partial order among those evaluations. Given any two evaluations \term{A} and
\term{B}, if \term{A} is sequenced before \term{B}, then the execution of
\term{A} shall precede the execution of \term{B}. If \term{A} is not sequenced
before \term{B} and \term{B} is not sequenced before \term{A}, then \term{A} and
\term{B} are \defn{unsequenced}. \enternote The execution of unsequenced
evaluations can overlap. \exitnote Evaluations \term{A} and \term{B} are
\defn{indeterminately sequenced} when either \term{A} is sequenced before
\term{B} or \term{B} is sequenced before \term{A}, but it is unspecified which.
\enternote Indeterminately sequenced evaluations cannot overlap, but either
could be executed first. \exitnote
\indextext{value computation}%
value computation and
\indextext{side effects}%
side effect associated with a full-expression is
sequenced before every value computation and side effect associated with the
next full-expression to be evaluated.\footnote{As specified
in~\ref{class.temporary}, after a full-expression is evaluated, a sequence of
zero or more invocations of destructor functions for temporary objects takes
place, usually in reverse order of the construction of each temporary object.}.
\indextext{evaluation!unspecified order~of}%
Except where noted, evaluations of operands of individual operators and
of subexpressions of individual expressions are unsequenced. \enternote
In an expression that is evaluated more than once during the execution
of a program, unsequenced and indeterminately sequenced evaluations of
its subexpressions need not be performed consistently in different
evaluations. \exitnote The value computations of the operands of an
operator are sequenced before the value computation of the result of the
operator. If a
\indextext{side effects}%
side effect on a scalar object is unsequenced relative to
either another side effect on the same scalar object or a value
computation using the value of the same scalar object, the behavior is
void f(int, int);
void g(int i, int* v) {
i = v[i++]; // the behavior is undefined
i = 7, i++, i++; // \tcode{i} becomes \tcode{9}
i = i++ + 1; // the behavior is undefined
i = i + 1; // the value of \tcode{i} is incremented
f(i = -1, i = -1); // the behavior is undefined
When calling a function (whether or not the function is inline), every
\indextext{value computation}%
value computation and
\indextext{side effects}%
side effect associated with any argument
expression, or with the postfix expression designating the called
function, is sequenced before execution of every expression or statement
in the body of the called function. \enternote
Value computations and
side effects associated with different argument expressions are
unsequenced. \exitnote Every evaluation in the calling function
(including other function calls) that is not otherwise specifically
sequenced before or after the execution of the body of the called
function is indeterminately sequenced with respect to the execution of
the called function.\footnote{In other words, function executions do not interleave with
each other.}
Several contexts in \Cpp cause evaluation of a function call, even
though no corresponding function call syntax appears in the translation
Evaluation of a \tcode{new} expression invokes one or more allocation
and constructor functions; see~\ref{}. For another example,
invocation of a conversion function~(\ref{class.conv.fct}) can arise in
contexts in which no function call syntax appears.
The sequencing constraints on the execution of the called function (as
described above) are features of the function calls as evaluated,
whatever the syntax of the expression that calls the function might be.%
\indextext{value computation|)}%
\indextext{program execution|)}
\rSec1[intro.multithread]{Multi-threaded executions and data races}
A \defn{thread of execution} (also known as a \defn{thread}) is a single flow of
control within a program, including the initial invocation of a specific
top-level function, and recursively including every function invocation
subsequently executed by the thread. \enternote When one thread creates another,
the initial call to the top-level function of the new thread is executed by the
new thread, not by the creating thread. \exitnote Every thread in a program can
potentially access every object and function in a program.\footnote{An object
with automatic or thread storage duration~(\ref{}) is associated with
one specific thread, and can be accessed by a different thread only indirectly
through a pointer or reference~(\ref{basic.compound}).} Under a hosted
implementation, a \Cpp program can have more than one thread running
concurrently. The execution of each thread proceeds as defined by the remainder
of this standard. The execution of the entire program consists of an execution
of all of its threads. \enternote Usually the execution can be viewed as an
interleaving of all its threads. However, some kinds of atomic operations, for
example, allow executions inconsistent with a simple interleaving, as described
below. \exitnote Under a freestanding implementation, it is \impldef{number of
threads in a program under a freestanding implementation} whether a program can
have more than one thread of execution.
Implementations should ensure that all unblocked threads eventually make
progress. \enternote Standard library functions may silently block on I/O or
locks. Factors in the execution environment, including externally-imposed thread
priorities, may prevent an implementation from making certain guarantees of
forward progress. \exitnote
The value of an object visible to a thread \term{T} at a particular point is the
initial value of the object, a value assigned to the object by \term{T}, or a
value assigned to the object by another thread, according to the rules below.
\enternote In some cases, there may instead be undefined behavior. Much of this
section is motivated by the desire to support atomic operations with explicit
and detailed visibility constraints. However, it also implicitly supports a
simpler view for more restricted programs. \exitnote
Two expression evaluations \defn{conflict} if one of them modifies a memory
location~(\ref{intro.memory}) and the other one accesses or modifies the same
memory location.
The library defines a number of atomic operations (Clause~\ref{atomics}) and
operations on mutexes (Clause~\ref{thread}) that are specially identified as
synchronization operations. These operations play a special role in making
assignments in one thread visible to another. A synchronization operation on one
or more memory locations is either a consume operation, an acquire operation, a
release operation, or both an acquire and release operation. A synchronization
operation without an associated memory location is a fence and can be either an
acquire fence, a release fence, or both an acquire and release fence. In
addition, there are relaxed atomic operations, which are not synchronization
operations, and atomic read-modify-write operations, which have special
characteristics. \enternote For example, a call that acquires a mutex will
perform an acquire operation on the locations comprising the mutex.
Correspondingly, a call that releases the same mutex will perform a release
operation on those same locations. Informally, performing a release operation on
\term{A} forces prior
\indextext{side effects}%
side effects on other memory locations to become visible
to other threads that later perform a consume or an acquire operation on
\term{A}. ``Relaxed'' atomic operations are not synchronization operations even
though, like synchronization operations, they cannot contribute to data races.
All modifications to a particular atomic object \term{M} occur in some
particular total order, called the \defn{modification order} of \term{M}. If
\term{A} and \term{B} are modifications of an atomic object \term{M} and
\term{A} happens before (as defined below) \term{B}, then \term{A} shall precede
\term{B} in the modification order of \term{M}, which is defined below.
\enternote This states that the modification orders must respect the ``happens
before'' relationship. \exitnote \enternote There is a separate order for each
atomic object. There is no requirement that these can be combined into a single
total order for all objects. In general this will be impossible since different
threads may observe modifications to different objects in inconsistent orders.
A \defn{release sequence} headed by a release operation \term{A} on an atomic object
\term{M} is a maximal contiguous sub-sequence of
\indextext{side effects}%
side effects in the
modification order of \term{M}, where the first operation is \tcode{A}, and
every subsequent operation
\item is performed by the same thread that performed \tcode{A}, or
\item is an atomic read-modify-write operation.
Certain library calls \defn{synchronize with} other library calls performed by
another thread. For example, an atomic store-release synchronizes with a
load-acquire that takes its value from the store~(\ref{atomics.order}).
\enternote Except in the specified cases, reading a later value does not
necessarily ensure visibility as described below. Such a requirement would
sometimes interfere with efficient implementation. \exitnote \enternote The
specifications of the synchronization operations define when one reads the value
written by another. For atomic objects, the definition is clear. All operations
on a given mutex occur in a single total order. Each mutex acquisition ``reads
the value written'' by the last mutex release. \exitnote
An evaluation \term{A} \defn{carries a dependency} to an evaluation \term{B} if
the value of \term{A} is used as an operand of \term{B}, unless:
\term{B} is an invocation of any specialization of
\tcode{std::kill_dependency}~(\ref{atomics.order}), or
\term{A} is the left operand of a built-in logical AND (\tcode{\&\&},
see~\ref{expr.log.and}) or logical OR (\tcode{||}, see~\ref{expr.log.or})
operator, or
\term{A} is the left operand of a conditional (\tcode{?:}, see~\ref{expr.cond})
operator, or
\term{A} is the left operand of the built-in comma (\tcode{,})
operator~(\ref{expr.comma}); \end{itemize} or
\term{A} writes a scalar object or bit-field \term{M}, \term{B} reads the value
written by \term{A} from \term{M}, and \term{A} is sequenced before \term{B}, or
for some evaluation \term{X}, \term{A} carries a dependency to \term{X}, and
\term{X} carries a dependency to \term{B}.
\enternote ``Carries a dependency to'' is a subset of ``is sequenced before'',
and is similarly strictly intra-thread. \exitnote
An evaluation \term{A} is \defn{dependency-ordered before} an evaluation
\term{B} if
\term{A} performs a release operation on an atomic object \term{M}, and, in
another thread, \term{B} performs a consume operation on \term{M} and reads a
value written by any
\indextext{side effects}%
side effect in the release sequence headed by \term{A}, or
for some evaluation \term{X}, \term{A} is dependency-ordered before \term{X} and
\term{X} carries a dependency to \term{B}.
\enternote The relation ``is dependency-ordered before'' is analogous to
``synchronizes with'', but uses release/consume in place of release/acquire.
An evaluation \term{A} \defn{inter-thread happens before} an evaluation \term{B}
\term{A} synchronizes with \term{B}, or
\term{A} is dependency-ordered before \term{B}, or
for some evaluation \term{X}
\term{A} synchronizes with \term{X} and \term{X} is sequenced before \term{B},
\term{A} is sequenced before \term{X} and \term{X} inter-thread happens before
\term{B}, or
\term{A} inter-thread happens before \term{X} and \term{X} inter-thread happens
before \term{B}.
\enternote The ``inter-thread happens before'' relation describes arbitrary
concatenations of ``sequenced before'', ``synchronizes with'' and
``dependency-ordered before'' relationships, with two exceptions. The first
exception is that a concatenation is not permitted to end with
``dependency-ordered before'' followed by ``sequenced before''. The reason for
this limitation is that a consume operation participating in a
``dependency-ordered before'' relationship provides ordering only with respect
to operations to which this consume operation actually carries a dependency. The
reason that this limitation applies only to the end of such a concatenation is
that any subsequent release operation will provide the required ordering for a
prior consume operation. The second exception is that a concatenation is not
permitted to consist entirely of ``sequenced before''. The reasons for this
limitation are (1) to permit ``inter-thread happens before'' to be transitively
closed and (2) the ``happens before'' relation, defined below, provides for
relationships consisting entirely of ``sequenced before''. \exitnote
An evaluation \term{A} \defn{happens before} an evaluation \term{B} if:
\item \term{A} is sequenced before \term{B}, or
\item \term{A} inter-thread happens before \term{B}.
The implementation shall ensure that no program execution demonstrates a cycle
in the ``happens before'' relation. \enternote This cycle would otherwise be
possible only through the use of consume operations. \exitnote
A \defnx{visible side effect}{side effects!visible} \term{A} on a scalar object or bit-field \term{M}
with respect to a value computation \term{B} of \term{M} satisfies the
\item \term{A} happens before \term{B} and
\item there is no other
\indextext{side effects}%
side effect \term{X} to \term{M} such that \term{A}
happens before \term{X} and \term{X} happens before \term{B}.
The value of a non-atomic scalar object or bit-field \term{M}, as determined by
evaluation \term{B}, shall be the value stored by the
\indextext{side effects!visible}%
visible side effect
\term{A}. \enternote If there is ambiguity about which side effect to a
non-atomic object or bit-field is visible, then the behavior is either
unspecified or undefined. \exitnote \enternote This states that operations on
ordinary objects are not visibly reordered. This is not actually detectable
without data races, but it is necessary to ensure that data races, as defined
below, and with suitable restrictions on the use of atomics, correspond to data
races in a simple interleaved (sequentially consistent) execution. \exitnote
The \defnx{visible sequence of side effects}{side effects!visible sequence of}
on an atomic object \term{M}, with
respect to a
\indextext{value computation}%
value computation \term{B} of \term{M}, is a maximal contiguous
sub-sequence of
\indextext{side effects}%
side effects in the modification order of \term{M}, where the
\indextext{side effects}%
side effect is visible with respect to \term{B}, and for every side
effect, it is not the case that \term{B} happens before it. The value of an
atomic object \term{M}, as determined by evaluation \term{B}, shall be the value
stored by some operation in the visible sequence of \term{M} with respect to
\term{B}. \enternote It can be shown that the visible sequence of
\indextext{side effects}%
side effects
of a value computation is unique given the coherence requirements below.
If an operation \term{A} that modifies an atomic object \term{M} happens before
an operation \term{B} that modifies \term{M}, then \term{A} shall be earlier
than \term{B} in the modification order of \term{M}. \enternote This requirement
is known as write-write coherence. \exitnote
If a
\indextext{value computation}%
value computation \term{A} of an atomic object \term{M} happens before a
value computation \term{B} of \term{M}, and \term{A} takes its value from a side
effect \term{X} on \term{M}, then the value computed by \term{B} shall either be
the value stored by \term{X} or the value stored by a
\indextext{side effects}%
side effect \term{Y} on
\term{M}, where \term{Y} follows \term{X} in the modification order of \term{M}.
\enternote This requirement is known as read-read coherence. \exitnote
If a
\indextext{value computation}%
value computation \term{A} of an atomic object \term{M} happens before an
operation \term{B} on \term{M}, then \term{A} shall take its value from a side
effect \term{X} on \term{M}, where \term{X} precedes \term{B} in the
modification order of \term{M}. \enternote This requirement is known as
read-write coherence. \exitnote
If a
\indextext{side effects}%
side effect \term{X} on an atomic object \term{M} happens before a value
computation \term{B} of \term{M}, then the evaluation \term{B} shall take its
value from \term{X} or from a
\indextext{side effects}%
side effect \term{Y} that follows \term{X} in the
modification order of \term{M}. \enternote This requirement is known as
write-read coherence. \exitnote
\enternote The four preceding coherence requirements effectively disallow
compiler reordering of atomic operations to a single object, even if both
operations are relaxed loads. This effectively makes the cache coherence
guarantee provided by most hardware available to \Cpp atomic operations.
\enternote The visible sequence of
\indextext{side effects}%
side effects depends on the ``happens
before'' relation, which depends on the values observed by loads of atomics,
which we are restricting here. The intended reading is that there must exist an
association of atomic loads with modifications they observe that, together with
suitably chosen modification orders and the ``happens before'' relation derived
as described above, satisfy the resulting constraints as imposed here. \exitnote
The execution of a program contains a \defn{data race} if it contains two
conflicting actions in different threads, at least one of which is not atomic,
and neither happens before the other. Any such data race results in undefined
behavior. \enternote It can be shown that programs that correctly use mutexes
and \tcode{memory_order_seq_cst} operations to prevent all data races and use no
other synchronization operations behave as if the operations executed by their
constituent threads were simply interleaved, with each
\indextext{value computation}%
value computation of an
object being taken from the last
\indextext{side effects}%
side effect on that object in that
interleaving. This is normally referred to as ``sequential consistency''.
However, this applies only to data-race-free programs, and data-race-free
programs cannot observe most program transformations that do not change
single-threaded program semantics. In fact, most single-threaded program
transformations continue to be allowed, since any program that behaves
differently as a result must perform an undefined operation. \exitnote
\enternote Compiler transformations that introduce assignments to a potentially
shared memory location that would not be modified by the abstract machine are
generally precluded by this standard, since such an assignment might overwrite
another assignment by a different thread in cases in which an abstract machine
execution would not have encountered a data race. This includes implementations
of data member assignment that overwrite adjacent members in separate memory
locations. Reordering of atomic loads in cases in which the atomics in question
may alias is also generally precluded, since this may violate the ``visible
sequence'' rules. \exitnote
\enternote Transformations that introduce a speculative read of a potentially
shared memory location may not preserve the semantics of the \Cpp program as
defined in this standard, since they potentially introduce a data race. However,
they are typically valid in the context of an optimizing compiler that targets a
specific machine with well-defined semantics for data races. They would be
invalid for a hypothetical machine that is not tolerant of races or provides
hardware race detection. \exitnote
The implementation may assume that any thread will eventually do one of the
make a call to a library I/O function,
access or modify a volatile object, or
perform a synchronization operation or an atomic operation.
\enternote This is intended to allow compiler transformations such as removal of
empty loops, even when termination cannot be proven. \exitnote
An implementation should ensure that the last value (in modification order)
assigned by an atomic or synchronization operation will become visible to all
other threads in a finite period of time.%
The \Cpp programming language as described in this International
Standard is based on the language as described in Chapter R (Reference
Manual) of Stroustrup: \doccite{The \Cpp Programming Language} (second
edition, Addison-Wesley Publishing Company, ISBN 0-201-53992-6,
copyright \copyright 1991 AT\&T). That, in turn, is based on the C
programming language as described in Appendix A of Kernighan and
Ritchie: \doccite{The C Programming Language} (Prentice-Hall, 1978, ISBN
0-13-110163-3, copyright \copyright 1978 AT\&T).
Portions of the library Clauses of this International Standard are based
on work by P.J. Plauger, which was published as \doccite{The Draft
Standard \Cpp Library} (Prentice-Hall, ISBN 0-13-117003-1, copyright
\copyright 1995 P.J. Plauger).
POSIX\textregistered\ is a registered trademark of the Institute of Electrical and
Electronic Engineers, Inc.
All rights in these originals are reserved.
Jump to Line
Something went wrong with that request. Please try again.